Sign up for the FintechLinks blog

Developments in Italy – proposals for an Italian fintech regulatory sandbox and a key regulatory report on Big Data

The concurrent publication of a fintech regulatory sandbox decree and a report by three key regulators on Big Data - with specific recommendations for the finance sector - shows that fintech is gaining increased profile in the Italian policymakers’ attention. While fintech firms will hopefully receive a boost in their growth thanks to the creation of the regulatory sandbox, incumbents are also pushed to adapt themselves to the recent developments in financial and data regulation, to secure a balance between compliance with existing rules and the pursuit of increased profits through an efficient use of technologies.

Proposals for Italian fintech sandbox

The impact of regulation on fintech

While the concept of the fintech industry evolves rapidly in Italy – from equity crowdfunding to ICO, from electronic payments to bitcoins, from online trading to robo-advisory – it is not always clear whether and to what extent the regulations apply. This creates risks for industry participants and consumers particularly in areas such as fraud, cyber-attacks or money laundering.

This risk is a key issue given that beyond the technological and economic aspects of the fintech solutions, regulatory considerations can have a significant impact on to fintech development.

Consultation on proposals

In Italy the government is following the example of the UK and have recently conducted a public consultation process regarding proposals to develop a fintech sector regulatory sandbox. The aim is to maintain the “fast, global and proportionate approach” towards fintech regulation originally proposed by the European Commission in March 2018 in its Fintech Action Plan in order to avoid the risk of stifling innovation by simply extending to technological finance the rules valid for traditional finance.

The consultation builds on Article 36 of Law Decree 34/2019 (the so called Growth Decree), which provided for the establishment of a Fintech Committee within the Italian Ministry of Economy and Finance and the adoption of one or more ministerial decrees regulating the Italian fintech sandbox, following discussions with the supervisory authorities of the financial sector (Bank of Italy, CONSOB and IVASS).

The consultation is open until the end of March and all interested market participants can contribute by submitting their thoughts to the following email address: dt.direzione4.ufficio6@mef.gov.it.

How will the Italian Sandbox work?

The fintech sandbox is intended to promote technological innovation by allowing fintech companies to test new services and products in the financial, credit and insurance sectors, under the supervision of the competent authorities for a limited period of time.

In this structured and controlled environment, firms can better understand the opportunities and risks presented by innovations and their regulatory treatment through a testing phase.

Key principles

The decree published for public consultation (theSandbox Decree) identifies the activities where experimentation is allowed, the requirements and procedures for applying to the program, the supervisory instruments of the authorities and the processes for concluding the experimentation phase.

Fintech activities are defined as "all techno-finance activities aimed at pursuing, through new technologies, the innovation of services and products in the financial, credit and insurance sectors". The Italian Sandbox will therefore be accessible to entities carrying out fintech activities and willing to bring added value in terms of benefits for final users or general efficiency of the financial system, who request a temporary exemption from the usual regulatory framework.

The proposed testing period for any admitted project has a maximum duration of 18 months, which may be extended upon request of the applicant.

In addition, the Sandbox Decree lays down the operational guidelines of the Fintech Committee, which will be responsible for observing and monitoring the fintech evolution to then define goals, programmes and implementing actions for promoting the development of techno-finance, as well as for facilitating contacts and exchange of information between fintech operators and authorities.

The week following the publication of the Sandbox Decree, the Italian Regulatory Authority for Communications (AGCOM), the Italian Competition Authority (AGCM) and the Italian Data Protection Authority (DPA) published a final report on their Big Data survey. The analysis for this report was conducted through extensive hearings and requests for information to companies, trade associations and experts in the field, which took place between November 2017 and November 2018.

The survey examines the impact of Big Data on the users who provide the data, the firms that use them and the markets, from the perspectives of the three different authorities. A key objective of the study is to fully grasp the potential for synergies between the three authorities and to identify the most appropriate tools for possible interventions.

Survey’s key finding re data creation and the finance sector

The survey confirms that, data creation is occurring exponentially. In 2018, the total volume of data created worldwide was 28 zettabytes, an increase of more than ten times compared to 2011 and by 2025 the total volume of data is expected to reach 163 ZB. This growth, driven by the rise of online platforms, will be further accelerated by the development of the 5G IoT market.

Notably, the survey underlines that the overall economic value of Big Data reached 1.4 billion of euros in 2018 and that the biggest portion of investments in Big Data (28% of the overall expenditure) comes from the banking and financial sector.

Five key topics

The survey addresses five fundamental topics relating to the collection and use of Big Data. In particular:

The definition and description of Big Data: Big data refers to the collection, analysis and accumulation of large quantities of data, which may include data relating to an identified or identifiable natural person (i.e. personal data). This data is then analysed through algorithms to extract information to be used for economic purposes – also known as the commercialisation of data.

GDPR challenges for Italian companies: These include: (i) the requirement to anonymise of data used for profiling; (ii) the effective collection of consent by consumers for the use of their data; (iii) the identification of subjects to be authorised to access and use the data collected.

The impact of Big Data on the online advertising and finance sectors. AGCOM has been reviewing and analysing the online advertising sector market to determine positions which are dominant or otherwise detrimental to healthy competition. In addition, AGCOM has been considering the risks of using the data collected for the production and dissemination of misinformation or of content which does not respect human dignity (such as hate speech or racial/ sexual discrimination). Along with this analysis, AGCOM underlines that also the banking and financial sector is to be kept under close scrutiny by the regulator, considering its widespread use of data for commercial purposes.

The impact of Big Data on Data Privacy: DPA has been considering the possible impact of Big Data analytics on data protection rights and the measures and precautions to be taken in practice to mitigate potential risks to infringement of such rights. In light of the stringent GDPR measures and of other relevant guidelines enacted at the international and EU level (EU Parliament resolution of 14 March 2017 on fundamental rights implications of Big Data), the DPA reflects on the practical enactment of the provisions and the issues that may arise in their day to day application (e.g., ensuring the real accountability of those handling the data).

Concerns around Big Data and implications for antitrust and consumer protection: AGCM is concerned that among other things, the use of Big Data could facilitate the emergence of dominant positions. In fact, the quantity of data owned by the existing operators in a market could provide them with a significant competitive advantage with respect to potential new participants, thus creating a barrier to entry.

Guidelines and policy recommendations

The report outlines a number of guidelines and policy recommendations for the legislator, with the objective of promoting an appropriate regulatory framework for the effective and correct utilisation of public and personal data.

These include a commitment by the three Authorities to create a “permanent cooperation mechanism, which will involve coordinated interventions aimed at:

establishing a level playing field in the utilisation of data

raising the public awareness on benefits and risks of using the data for economic purposes, and

studying the impact of Big Data on businesses, consumers and citizens.

What is happening next?

Overall, the current state of play highlights how Italian authorities are actively considering the creation of a national regulatory environment appropriate for the digitalisation of commerce and finance. We will be tracking developments – please contact us if you would specific advice on the evolving regulatory environment for fintech in Italy.